UNITED STATES DEPARTMENT OF COMMERCE
United States Patent and Trademark Office
Address: COMMISSIONER FOR PATENTS
P.O. Box 1450
Alexandria, Virginia 22313-1450
www.uspto.gov



APPLICATION NO.: 10/060,792
FILING DATE: 01/29/2002
FIRST NAMED INVENTOR: Theron Tock
ATTORNEY DOCKET NO.: DANAP005
CONFIRMATION NO.: 8256

44987 7590 07/03/2006
HARRITY SNYDER, LLP
11350 Random Hills Road
SUITE 600
FAIRFAX, VA 22030

EXAMINER: ALAM, UZMA
ART UNIT: 2157
PAPER NUMBER:

DATE MAILED: 07/03/2006



Please find below and/or attached an Office communication concerning this application or proceeding.



PTO-90C (Rev. 10/03) 



Office Action Summary

Application No.: 10/060,792
Applicant(s): TOCK ET AL.
Examiner: Uzma Alam
Art Unit: 2157





- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 



Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS,
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION.

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication.

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication.

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133).
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any
earned patent term adjustment. See 37 CFR 1.704(b).

Status 

Responsive to communication(s) filed on 03 April 2006.

2a) [ ] This action is FINAL. 2b) [X] This action is non-final.

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) [X] Claim(s) 1-42 and 44-50 is/are pending in the application.

4a) Of the above claim(s) is/are withdrawn from consideration.

5) [ ] Claim(s) is/are allowed.

6) [X] Claim(s) 1-42 and 44-50 is/are rejected.

7) [ ] Claim(s) is/are objected to.

8) [ ] Claim(s) are subject to restriction and/or election requirement.

Application Papers 

9) [ ] The specification is objected to by the Examiner.

10) [ ] The drawing(s) filed on is/are: a) [ ] accepted or b) [ ] objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).

11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119 

12) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) [ ] All b) [ ] Some * c) [ ] None of:

1. [ ] Certified copies of the priority documents have been received.

2. [ ] Certified copies of the priority documents have been received in Application No. .

3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage
application from the International Bureau (PCT Rule 17.2(a)).
* See the attached detailed Office action for a list of the certified copies not received.



Attachment(s) 

1) [X] Notice of References Cited (PTO-892)

2) [ ] Notice of Draftsperson's Patent Drawing Review (PTO-948)

3) [X] Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08)
Paper No(s)/Mail Date all of record.

4) [ ] Interview Summary (PTO-413)
Paper No(s)/Mail Date.

5) [ ] Notice of Informal Patent Application (PTO-152)

6) [ ] Other:



U.S. Patent and Trademark Office 
PTOL-326 (Rev. 7-05) 



Office Action Summary 



Part of Paper No./Mail Date 20060614 



Application/Control Number: 10/060,792

Art Unit: 2157

DETAILED ACTION 

This action is responsive to the response to the arguments and amendments filed April 3,
2006. Claims 3 and 44 are amended to clarify the claims and claim 43 is cancelled. Claims
1-42, 44-50 are pending.



Claim Rejections - 35 USC § 102 

1. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the
basis for the rejections under this section made in this Office action:

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on 
sale in this country, more than one year prior to the date of application for patent in the United States. 

2. Claims 1, 2, 5-19, 22-30, 34, 35, 38-42 and 44, 47, 49, 50 are rejected under 35 
U.S.C. 102(b) as being anticipated by Coley et al. US Patent No. 5,826,014. Coley teaches the 
invention as claimed including a firewall system for protecting network elements connected to a 
public network (see abstract). 

As per claims 1, 34, 39, and 43 Coley et al. teaches a method, system and computer 
readable medium for accessing resources on a private network via an intermediary server said 
method comprising: 

(a) receiving a login request from a user for access to the intermediary server (column 10, 
lines 1-67; column 11, lines 1-31); 

(b) authenticating the user (column 9, lines 47-60);

(c) subsequently receiving a resource request from the user at the intermediary server, the
resource request requesting a particular operation with respect to a resource from the private 
network (column 11, lines 8-40; column 54, lines 54-67); 

(d) obtaining access privileges for the user (column 9, lines 1-32); 

(e) determining whether the access privileges for the user permit the user to perform the 
particular operation at the private network (column 9, lines 1-32), and 

(f) preventing performance of the particular operation at the private network such that a 
response to the resource request is not had when said determining (e) determines that the access 
privileges for the user do not permit the user to perform the particular operation at the private 
network (column 11, lines 8-40). 

As per claims 19 and 44, Coley et al. teaches a method for providing remote access to a 
private network via an intermediary server, said method comprising: 

(a) receiving a login request from a remote user for access to the intermediary server
(column 10, lines 1-67; column 11, lines 1-31);

(b) determining whether the remote user is permitted access to the intermediary server 
(column 9, lines 47-60); 

(c) granting the remote user access to the intermediary server when said determining (b) 
determines that the remote user is permitted access, the granted access also carries access 
privileges to predetermined portions of the private network (column 11, lines 8-40, 54-67); 

(d) subsequently receiving a resource request from the remote user at the intermediary
server, the resource request requesting a particular resource (column 9, lines 1-32);

(e) determining whether the resource request from the remote user is permitted by the
access privileges (column 9, lines 1-32);

(f) supplying the particular resource to the remote user when said determining (e)
determines that the resource request from the user is permitted (column 9, lines 1-32); and

(g) denying the remote user from access to the particular resource when said determining
(e) determines that the resource request from the user is not permitted (column 11, lines 8-40).

As per claims 2 and 35, Coley et al. teaches a method as recited in claim 1, wherein the
particular operation is one of a resource request, a file access operation or an email operation
(column 8, lines 26-41).

As per claims 5 and 37, Coley et al. teaches a method as recited in claim 1, wherein the 
intermediary server stores the access privileges for a plurality of users (column 9, lines 1-32; 
column 11, lines 8-40). 

As per claim 6, Coley et al. teaches a method as recited in claim 1, wherein the
intermediary server stores an authentication identifier for each of a plurality of users, the
authentication identifier identifies an external authentication server to be used to perform said
authenticating (b) (column 10, lines 36-55; column 11, lines 8-40).

As per claim 7, Coley et al. teaches a method as recited in claim 6, wherein the external
authentication server is within the private network (column 10, lines 36-55; column 11, lines
8-40).

As per claim 8, Coley et al. teaches a method as recited in claim 7, wherein the 
authentication identifier comprises a network address for the external authentication server 
(column 9, lines 34-46). 

As per claim 9, Coley et al. teaches a method as recited in claim 1, wherein the resource 
request is from a client-side application operating on a client machine (column 8, lines 29-41; 
column 9, lines 1-32). 

As per claim 10, Coley et al. teaches a method as recited in claim 9, wherein the client
side application is selected from the group consisting of a web browser, an email application or a
file access application (column 8, lines 26-41).

As per claim 11, Coley et al. teaches a method as recited in claim 1, wherein the user is a
remote user (column 8, lines 29-41; column 9, lines 1-32).

As per claims 12 and 38, Coley et al. teaches a method as recited in claim 1, wherein the
resource request is from a client-side application operating on a remote client machine (column
8, lines 29-41; column 9, lines 1-32).

As per claim 13, Coley et al. teaches a method as recited in claim 1, wherein the private
network is an intranet or other network (column 8, lines 29-41; column 9, lines 1-32).

As per claim 14, Coley et al. teaches a method as recited in claim 1, wherein the resource
request is from a network browser (column 8, lines 29-41; column 9, lines 1-32).

As per claim 15, Coley et al. teaches a method as recited in claim 1, wherein said method
further comprises: (g) performing the particular operation at the private network to determine a
response to the resource request when said determining (e) (column 8, lines 29-41; column 9,
lines 1-32).

As per claims 16 and 40, Coley et al. teaches a method as recited in claims 1 and 34,
wherein the user has an Internet Protocol (IP) address associated therewith, and wherein said
determining (e) comprises:

(e1) determining whether the access privileges for the user permit the user to perform the
particular operation at the private network; and

(e2) determining whether the IP address associated with the user is authorized.

As per claims 17 and 41, Coley et al. teaches a method as recited in claim 16 and 40,
wherein said determining (e) further comprises: (e3) determining whether time-of-day
restrictions are satisfied (column 9, lines 61-67; column 10, lines 1-26).

As per claims 18 and 42, Coley et al. teaches a method as recited in claims 17 and 40,
wherein the access privileges comprise permitted operations, authorized IP addresses, and
time-of-day restrictions for a plurality of users (column 9, lines 34-67; column 10, lines 1-26; column
11, lines 8-53).

As per claims 22 and 47, Coley et al. teaches a method as recited in claim 19, wherein
said supplying (f) comprises: (f1) determining a host name for a remote server hosting the
particular resource being requested, (f2) sending a request for the particular resource to the
remote server based on the determined host name; and (f3) receiving, at the intermediary server,
a response to the request from the remote server (column 12, lines 6-24; column 13, lines 11-20).

As per claims 24 and 28, Coley et al. teaches a method as recited in claims 19 and 23,
wherein the private network is an intranet (column 8, lines 29-41; column 9, lines 1-32).

As per claims 25 and 29, Coley et al. teaches a method as recited in claims 19 and 23,
wherein the resource request is from a network browser (column 8, lines 29-41; column 9, lines
1-32).

As per claims 26 and 49, Coley et al. teaches a method as recited in claims 23 and 34,
wherein the resource request is from a client-side application operating on a remote client
machine (column 8, lines 29-41; column 9, lines 1-32).

As per claims 27, 30 and 50, Coley et al. teaches a method as recited in claims 25, 19, 
and 44 wherein the client-side application is selected from the group consisting of: a web 
browser, an email application or a file access application (column 8, lines 29-41; column 9, lines 
1-32). 



Claim Rejections - 35 USC § 103 



1. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 



2. Claims 3, 4, 20, 21, 23, 31-33, 37, 45, 46 and 48 are rejected under 35 U.S.C. 103(a) as
being unpatentable over Coley et al. US Patent No. 5,826,014 in view of Win et al. US Patent
No. 6,182,142. Coley teaches the invention as claimed including a firewall system for protecting
network elements connected to a public network (see abstract). Win teaches the invention as
claimed including access and registry servers to provide secure access to clients (see abstract).

As per claims 3 and 36, Coley et al. teaches a method as recited in claim 1. Coley does
not teach wherein said authenticating (b) determines whether the user is authenticated based on
an external authentication server. Win teaches wherein said authenticating (b) determines
whether the user is authenticated based on an external authentication server. Win teaches an
access server (106) and registry server (108) that exchange information to authenticate a user.
See Figure 5A. It would have been obvious to a person of ordinary skill in the art at the time of
the invention to combine the authentication of Coley with the external authentication of Win. A
person of ordinary skill in the art would have been motivated to do this because this is a quality of
a conventional firewall system (Coley et al. column 7, lines 19-22).

As per claim 4, Coley et al. teaches a method as recited in claim 3. Win does not teach
wherein the external authentication server is within the private network. Win teaches wherein
said authenticating (b) determines whether the user is authenticated based on an external
authentication server. Win teaches an access server (106) and registry server (108) that
exchange information to authenticate a user. See Figure 5A. It would have been obvious to a
person of ordinary skill in the art at the time of the invention to combine the authentication of
Coley with the external authentication of Win. A person of ordinary skill in the art would have
been motivated to do this because this is a quality of a conventional firewall system (Coley et al.
column 7, lines 19-22).

As per claims 20 and 45, Coley et al. teaches a method as recited in claim 19, wherein
said supplying (f) comprises: (f1) retrieving the particular resource from a content server. Coley
does not teach (f2) modifying at least one URL within the particular resource, and (f3) sending
the modified resource to the remote user. Win teaches modifying resources before sending it to
the client. Column 8, lines 45-55. It would have been obvious to a person of ordinary skill in
the art at the time of the invention to combine modification of Win with the resources of Coley.
A person of ordinary skill in the art would have been motivated to do this to provide a more
secure resource to the client.

As per claims 21, 23, 46 and 48 Coley et al. teaches a method as recited in claim 19.
Coley does not teach wherein said supplying (f) comprises: (f1) modifying the response so that
links within the response point to the intermediate server; and (f2) sending the modified resource
to the remote user. Win teaches (f1) modifying the response so that links within the response
point to the intermediate server; and (f2) sending the modified resource to the remote user.
Column 8, lines 45-55. It would have been obvious to a person of ordinary skill in the art at the
time of the invention to combine modification of Win with the resources of Coley. A person of
ordinary skill in the art would have been motivated to do this to provide a more secure resource
to the client.

As per claim 31, Coley et al. teaches an intermediary server system, comprising: a web
server that receives requests for resources from client machines via a network (column 7, lines
1-21);

a protocol handler operatively connected to said web server, said protocol handler
receives the requests for resources, modifies the requests to be directed to appropriate remote
servers via the private network, and forwards the modified requests for resources to the
appropriate remote servers (column 7, lines 35-62); and

a content transformer operatively connected to said protocol handler, said content 
transformer receives the resources supplied by the appropriate remote servers in response to the 
modified requests and modifies the resources such that at least certain links contained therein are 
modified to be directed to said intermediary server system instead of remote servers (column 7, 
lines 35-62; column 8, lines 63-67; column 9, lines 1-31). 

As per claim 32 Coley and Win teach an intermediary server system as recited in claim 
31, wherein said intermediary server system further comprises: 

An authentication manager that manages access by said client devices to resources on the
private network (Coley; column 9, lines 47-60); and

A data store for storage of session authentication information and access privileges for
the users (column 9, lines 1-37; column 11, lines 8-40),

Wherein access to the resources is not permitted unless the user requesting the access is
authenticated and has sufficient access privileges (column 11, lines 8-40).

As per claim 33, Coley and Win teach a system as recited in claim 32,

Wherein said system further comprises an authentication server provided within said
private network for authenticating the users to provide authentication results (column 9, lines
47-60), and

Wherein said intermediary server permits or denies access to said private network via
said intermediary server by the users based on the authentication results (column 11, lines 8-40).

As per claim 37, Coley teaches a computer readable medium as recited in claim 34. 
Coley does not teach wherein the intermediary server stores the access privileges for a plurality 
of users, and wherein the intermediary server stores an authentication identifier for each of a 
plurality of users, the authentication identifier identifies an external authentication server to be 
used to perform authentication. 

Win teaches wherein the intermediary server stores an authentication identifier for each
of a plurality of users, the authentication identifier identifies an external authentication server to
be used to perform authentication. Win teaches an access server (106) and registry server (108)
that exchange information to authenticate a user. See Figure 5A. It would have been obvious to
a person of ordinary skill in the art at the time of the invention to combine the authentication of
Coley with the external authentication of Win. A person of ordinary skill in the art would have
been motivated to do this because this is a quality of a conventional firewall system (Coley et al.
column 7, lines 19-22).

Response to Arguments

3. Applicant's arguments with respect to claims 1, 3, 4, 20, 21 and 31-33 have been 
considered but are moot in view of the new ground(s) of rejection. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Uzma Alam whose telephone number is (571) 272-3995. The 
examiner can normally be reached on Monday-Tuesday 5:30 AM - 2:00 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Ario Etienne can be reached on (571) 272-4001. The fax phone number for the
organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 



Uzma Alam 
Ua 

June 15, 2006 



